Proxy Servers. Introduction 1. Acts as an intermediary between a private network and the internet...
-
Upload
austen-wilson -
Category
Documents
-
view
212 -
download
0
Transcript of Proxy Servers. Introduction 1. Acts as an intermediary between a private network and the internet...
Proxy Servers
Introduction
• 1. Acts as an intermediary between a private network and the internet – both client and remote host think they are communicating directly, when in fact it all goes through the proxy
• 2. Works as a Disk Cache for faster retrieval of frequently requested information
Firewall vs. Proxy Server
• Firewalls work at the Network layer and can block untrusted traffic
• Proxies work at the Application layer – and often map internal network addresses to single IP (NAT). This makes it difficult for outsiders to access internal IPs
• Can also be application specific: http – proxy, ftp-proxy, etc
Circuit-level Proxy
• Works between Application and Transport layer
• Establishes a a virtual circuit between clients and untrusted hosts
• Lets software work as if it had a direct internet connection instead of forcing individual setup of each application
Caching
• Works much like web browser caching, but for multiple users
• Significantly speeds up information retrieval (duh!) and takes load off of actual servers
• Read-ahead caching
• Last-modified multiplier
• Reverse caching
Security Features
• NAT/NPAT
• Packet Sequencing
• Packet Filtering
Modern Proxy
• Usually implemented inside of software suite as opposed to as a stand-alone product
Risks
• Initial configuration – remember access controls
• No access controls leaves the possibility for portscans.
• Worst case – allows for reverse connections
• No need to portscan, however, a google search can find Open Proxies
Proxy Abuse
• Open Proxy
• Simple method (from 2002): telnet to proxy, enter GET http://www.yahoo.com/ HTTP/1.0 – if page is returned, the proxy is ripe for abuse
• Anonymity value – how much does the HTTP header reveal about you?
Examples
• [Wed Aug 21 09:00:46 2002] 80.178.71.x: HEAD http://www.israela.com/sr/0838ap10_thumb.jpmela HTTP/1.0 [Wed Aug 21 09:01:57 2002] 80.178.71.x: HEAD http://www.israela.com/keyz HTTP/1.0 [Wed Aug 21 09:02:59 2002] 80.178.71.x: HEAD http://www.israela.com/private/htpass HTTP/1.0 [Attacker trying to find vulnerable CGI scripts on a porn site]
More Examples
• [Thu Aug 22 10:11:20 2002] 212.0.201.x: GET http://www.helllabs.com.ua/cgi-bin/textenv.pl HTTP/1.0 [Someone testing anonymity of the proxy]
• [Thu Aug 22 11:47:07 2002] 195.190.97.x: CONNECT http://login.icq.com:443/ HTTP/1.0 [Someone trying to hide their IP address on ICQ. Possible IM spammer]
The End?